From: Don Armstrong Date: Sun, 9 Sep 2007 13:06:01 +0000 (+0000) Subject: * Add blars changes X-Git-Url: https://git.donarmstrong.com/?p=spamassassin_config.git;a=commitdiff_plain;h=e13a06fa8b981989708c3f45b278c5b57089120a * Add blars changes * Add symlinks from {bugs,lists}/common->../common git-svn-id: svn+ssh://svn.debian.org/svn/pkg-listmaster/trunk/spamassassin_config@8 0b7a5b0c-1f2c-0410-bd74-c376f8064c91 --- diff --git a/bugs/common b/bugs/common new file mode 120000 index 0000000..60d3b0a --- /dev/null +++ b/bugs/common @@ -0,0 +1 @@ +../common \ No newline at end of file diff --git a/bugs/user_prefs b/bugs/user_prefs index 8188d43..a22090d 100644 --- a/bugs/user_prefs +++ b/bugs/user_prefs @@ -8,7 +8,6 @@ # HEY YOU. YES YOU. # RUN spamassassin --lint! -rewrite_subject 0 report_safe 1 #defang_mime 0 required_hits 4 @@ -25,19 +24,13 @@ use_razor2 1 # testing only --joy, 2003-09-12 # 2005-01-28 blarson -- doesn't seem to be useful, disabling #ok_locales en -#ok_languages en #score CHARSET_FARAWAY 0.03 -#score CHARSET_FARAWAY_HEADERS 0.02 #score HTML_CHARSET_FARAWAY 0.005 #score MIME_CHARSET_FARAWAY 0.02 -#score UNDESIRED_LANGUAGE_BODY 0.03 ok_locales all -ok_languages all score CHARSET_FARAWAY 0 -score CHARSET_FARAWAY_HEADERS 0 score HTML_CHARSET_FARAWAY 0 score MIME_CHARSET_FARAWAY 0 -score UNDESIRED_LANGUAGE_BODY 0 #bayes_expiry_scan_count 20000 @@ -56,20 +49,13 @@ bayes_ignore_header X-Spam-Status # blarson -- ajust again, now that it's trained 2004-05-13 # blarson 2004-10-22 # blarson 2006-10-29 2006-11-17 -auto_learn_threshold_nonspam -5 score BAYES_00 -3 -score BAYES_01 -2 -score BAYES_10 -1.5 score BAYES_20 -1 -score BAYES_30 -0.5 score BAYES_40 -0.2 -score BAYES_44 -0.1 score BAYES_50 0.5 -score BAYES_56 1 score BAYES_60 2 -score BAYES_70 2.5 score BAYES_80 3 -score BAYES_90 4 +score BAYES_95 4 score BAYES_99 4.5 include common/bts_specific diff --git a/common/bts_scores b/common/bts_scores index 5808578..95fc5cb 100644 --- a/common/bts_scores +++ b/common/bts_scores @@ -1,7 +1,3 @@ -# relays.osirusoft.com is gone --joy, 2003-08-27 -score RCVD_IN_OSIRUSOFT_COM 0 - - # Rules against generally dubious things that aren't supposed to be # valid mails to the BTS @@ -15,27 +11,14 @@ score HTML_WEB_BUGS 4 # several of the following were suggested by Santiago Vila # adding 3 points to defaults as of 2.53 -score MICROSOFT_EXECUTABLE 3.100 score MIME_HTML_ONLY 3.100 -score PENIS_ENLARGE 5.342 5.174 5.342 5.469 -score PENIS_ENLARGE2 5.290 5.799 3.909 5.126 score HTML_MESSAGE 1.667 1.600 1.666 1.5 -# adding 2 points to defaults as of 2.53 -score THE_BEST_RATE 6.300 6.141 5.954 6.284 -# cjwatson: this produces too many false positives -#score SUSPICIOUS_RECIPS 4.052 3.953 3.972 5.407 -score URGENT_BIZ 3.397 3.153 3.799 3.696 -score BASE64_ENC_TEXT 4.685 3.735 3.857 3.738 -score FROM_HAS_MIXED_NUMS2 3.101 3.699 3.101 4.178 score HTTP_EXCESSIVE_ESCAPES 3.101 3.500 3.259 4.060 score TO_MALFORMED 3.146 3.085 3.697 3.803 -score MIME_HTML_NO_CHARSET 2.742 2.738 2.141 2 score BAD_CREDIT 2.787 2.716 2.535 2.491 score MISSING_MIMEOLE 2.500 2.500 2.437 2.100 -score GREAT_OFFER 2 score CLICK_BELOW_CAPS 2.500 2.500 2.100 2.500 -score CLICK_BELOW 2.227 2.100 2.100 2 # adding 1 point to defaults as of 2.53 score X_PRIORITY_HIGH 2.919 2.989 1.815 2.873 @@ -43,34 +26,15 @@ score MANY_EXCLAMATIONS 2.097 1.782 2.216 2.094 score NORMAL_HTTP_TO_IP 1.942 1.531 1.524 1.926 score X_MSMAIL_PRIORITY_HIGH 1.404 1 1 1.021 score FROM_HAS_MIXED_NUMS 1 1 1.339 1 -# HTML_COMMENT_UNIQUE_ID gone in 2.53? score HTML_FONT_BIG 1.294 1.136 1.262 1.293 -score HTML_FONT_COLOR_RED 1.100 -score HTML_FONT_COLOR_BLUE 1.100 -score HTML_FONT_COLOR_GRAY 1.100 -score HTML_FONT_COLOR_UNSAFE 1.100 score SUB_FREE_OFFER 1.339 1.488 1.224 1.383 -score OFFER 1.100 -# FREE_MONEY gone in 2.53? -score DIET 1 1 1.042 1 score UPPERCASE_75_100 1 score UPPERCASE_50_75 1.840 1 1.334 1.478 score UPPERCASE_25_50 2.555 2.132 1.860 1.584 -score HTML_FONT_COLOR_NOHASH 1 score REMOVE_PAGE 1.318 1.100 1.365 1.303 -score MAILTO_WITH_SUBJ 1.409 1.115 1 1.573 -score HTML_TABLE_THICK_BORDER 2.101 2.101 2.101 1.500 score MIME_BOUND_NEXTPART 1.427 1.361 1.376 1.307 score DEAR_SOMETHING 3.596 3.596 2.806 2.803 -score HTML_IMAGE_ONLY_06 2.228 2.072 2.433 1.610 -score SUBJ_REMOVE 2.101 1.500 2.263 1.500 -score EARN_MONEY 1.967 2.228 1.960 1.744 -# /you (?:do not|no longer) wish to receive/i -score EXCUSE_14 1.046 1.100 1 1.016 score HTML_TITLE_UNTITLED 1.386 1.423 1.501 1.0 -score FOR_FREE 1.625 1.545 1.592 1.455 -score REMOVE_SUBJ 2.639 1.813 2.193 1.440 -score DEAR_FREIND 2.5 # these get +1 just on the merit of being fsckin' HTML in email score HTML_10_20 0.996 1.030 1.303 1.036 score HTML_20_30 1.287 1.104 1.293 1.571 @@ -84,8 +48,6 @@ score HTML_90_100 1.500 1 1 1 # and these get 1 point for being pr0n score PORN_16 3.896 3.896 3.166 3.799 -score PORN_4 3.371 3.599 2.457 3.135 -score PORN_6 2.560 3.613 3.900 2.764 score PORN_15 3.900 3.900 2.666 3.900 score AMATEUR_PORN 2.110 3.748 2.654 1.142 @@ -93,63 +55,14 @@ score AMATEUR_PORN 2.110 3.748 2.654 1.142 score FROM_ENDS_IN_NUMS 1.111 1.219 1.080 1.175 score NO_REAL_NAME 1.6 -# many spams have In-Reply-To as well, -# the 2.44 default of -0.847 is too much -# the 2.53 default of -3.300 -3.301 -0.600 -3.201 is even worse -score IN_REP_TO 0 - -# same as In-Reply-To, References gets abused as well -# the 2.53 default is -6.600 -6.600 -6.500 -6.500 -score REFERENCES -0.600 -0.600 -0.500 -0.500 - # normal mails which have debbugs-derived Subject fields have space, # the 2.44 default of 2.639 is too much # the 2.53 default is 2.425 2.026 1.101 2.329 score SUBJ_HAS_SPACES 1.5 -# spams sometimes have attributions too, -# the 2.53 default of -6.600 -6.500 -6.500 -6.500 is too much -score EMAIL_ATTRIBUTION -2.600 -2.500 -2.500 -2.500 - -# mass spams often seem to come from Exchange -# the 2.53 default of -5.801 -5.701 -5.701 -5.701 is just bonkers -score MSGID_GOOD_EXCHANGE 0.5 - -# stupidly too negative by default in 2.53, normalizing most to -1. -score USER_AGENT_MOZILLA_UA -1 -score USER_AGENT_APPLEMAIL -1 -score USER_AGENT_ENTOURAGE -1 -score USER_AGENT_GNUS_XM -1 -score USER_AGENT_IMP -1 -score USER_AGENT_MACOE -1 -score USER_AGENT_MOZILLA_XM -1 -score USER_AGENT_PINE -2 -score USER_AGENT_VM -1 -score USER_AGENT_FORTE -1 -score USER_AGENT_GNUS_UA -2 -score USER_AGENT_KMAIL -1 -score USER_AGENT_MOZILLA_UA -1 -score USER_AGENT_MSN -1 -score USER_AGENT_MUTT -2 -score USER_AGENT_TONLINE -1 -score USER_AGENT_XIMIAN -1 - -# pointless -score X_MAILING_LIST 0 - # trust Razor2 more, --joy 2003-07-20 # blarson 2006-10-29 rescore again score RAZOR2_CHECK 1.5 -score RAZOR2_CF_RANGE_01_10 0.5 -score RAZOR2_CF_RANGE_11_20 1 -score RAZOR2_CF_RANGE_21_30 1.5 -score RAZOR2_CF_RANGE_31_40 2 -score RAZOR2_CF_RANGE_41_50 2.5 -score RAZOR2_CF_RANGE_51_60 3 -score RAZOR2_CF_RANGE_61_70 3.5 -score RAZOR2_CF_RANGE_71_80 4 -score RAZOR2_CF_RANGE_81_90 4.5 -score RAZOR2_CF_RANGE_91_100 5 # blarson 2006-02-09 score RAZOR2_CF_RANGE_51_100 3 @@ -160,15 +73,9 @@ score SUSPICIOUS_RECIPS 0.5 # blarson 2005-11-01 score USERPASS 1 -# blarson 2006-10-26 -score MISSING_OUTLOOK_NAME 1 - # blarson 2006-11-13 drop score, many non-spams hit score FORGED_YAHOO_RCVD 1 -# blarson 2006-12-12 -score ORDER_NOW 2 - # blarson 2004-03-20 # Disable most DNSBLs -- overhead to high # blarson 2005-01-28 try reducing timeout while adding spamcop back @@ -177,26 +84,17 @@ score RCVD_IN_BL_SPAMCOP_NET 1 score RCVD_IN_BSP_OTHER 0 score RCVD_IN_BSP_TRUSTED 0 score RCVD_IN_DSBL 2 -score RCVD_IN_DYNABLOCK 0 -score RCVD_IN_NJABL 0 score RCVD_IN_NJABL_CGI 0 -score RCVD_IN_NJABL_DIALUP 0 score RCVD_IN_NJABL_MULTI 0 score RCVD_IN_NJABL_PROXY 0 score RCVD_IN_NJABL_RELAY 0 score RCVD_IN_NJABL_SPAM 0 -# OPM is below -score RCVD_IN_OPM 0 -score RCVD_IN_OPM_HTTP 0 -score RCVD_IN_OPM_HTTP_POST 0 -score RCVD_IN_OPM_ROUTER 0 -score RCVD_IN_OPM_SOCKS 0 -score RCVD_IN_OPM_WINGATE 0 -score RCVD_IN_RFCI 0.5 + +# ?? score RCVD_IN_RFCI 0.5 # SBL done below score RCVD_IN_SBL 0 # blarson 2006-01-06 SORBS up to 1 -score RCVD_IN_SORBS 1 +# ?? score RCVD_IN_SORBS 1 score RCVD_IN_SORBS_BLOCK 0.1 score RCVD_IN_SORBS_HTTP 0.1 score RCVD_IN_SORBS_MISC 0.1 @@ -208,15 +106,9 @@ score RCVD_IN_SORBS_ZOMBIE 0.1 # blarson 2004-11-16 # other network checks -- also disable # blarson 2005-10-29 enable again -score DNS_FROM_RFCI_DSN 0.5 -score MSGID_FROM_MTA_BACKUP 0.1 score NO_DNS_FOR_FROM 1 score ROUND_THE_WORLD 0 -# blarson 2004-10-22 -# spammers use habeas -score HABEAS_SWE 0.5 - # blarson, 2004-04-14 score BIZ_TLD 2.5 @@ -226,7 +118,3 @@ score REMOVE_PAGE 2.5 # blarson 2004-11-08 # claiming to be amazon... score USER_IN_DEF_WHITELIST 0.5 - -# blarson 2004-11-08 -score BANG_GUARENTEE 2 - diff --git a/common/common_spam b/common/common_spam index 508efa2..1541d09 100644 --- a/common/common_spam +++ b/common/common_spam @@ -17,6 +17,7 @@ tflags DIGEST_MULTIPLE net #reuse DIGEST_MULTIPLE score DIGEST_MULTIPLE 0 - - - +#blarson 2007-09-09 +header NODAY date =~ /^\s+\,/ +describe NODAY bad date format +score NODAY 2 diff --git a/common/money_spam b/common/money_spam index 199e2df..2527d36 100644 --- a/common/money_spam +++ b/common/money_spam @@ -220,7 +220,7 @@ score ANALLE 3 # blarson 2007-06-17 body REPWATCH2 /\breplica watch/i -describe REPWATCH still pushing fake watches +describe REPWATCH2 still pushing fake watches score REPWATCH2 2 # blarson 2007-07-19 diff --git a/common/phrase_spam b/common/phrase_spam index 552fdbb..7a3d9ae 100644 --- a/common/phrase_spam +++ b/common/phrase_spam @@ -226,7 +226,7 @@ score DIRT 3 # blarson 2005-04-17 body RNDWORD /^RND_WORD\s*$/ describe RNDWORD RND_WORD -score RND_WORD 3 +score RNDWORD 3 # blarson 2005-08-18 header D3GREE subject =~ /\bd(?:3gres?|esgre|eerge|eeerg|reege|egres)e?s?\b/i @@ -345,7 +345,7 @@ score ACRO8PR0 4 # blarson 2007-08-31 body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?)\b/ describe WBRS stock spam -score BRS 4 +score WBRS 4 # blarson 2007-01-26 header ACROBAT8 subject =~ /\badobe acr[o0]bat 8\b/i diff --git a/common/scores b/common/scores index 28f4059..1bf8cfa 100644 --- a/common/scores +++ b/common/scores @@ -68,6 +68,7 @@ score BAYES_60 0 0 1 1 # score BAYES_70 0 0 1 1 score BAYES_80 0 0 1 1 # score BAYES_90 0 0 2 2 +score BAYES_95 0 0 2 2 # score BAYES_99 0 0 3 3 score BAYES_99 4 diff --git a/lists/common b/lists/common new file mode 120000 index 0000000..60d3b0a --- /dev/null +++ b/lists/common @@ -0,0 +1 @@ +../common \ No newline at end of file